| शीर्षक | https://pmweb.com/ PMWeb PMWeb Version 7.2.00 stored XSS after bypassing the Web Application Firewall |
|---|
| विवरण | We have identified a stored Cross-Site Scripting (XSS) vulnerability in this application. Initially, the Web Application Firewall (WAF) in place prevented us from executing JavaScript code. To demonstrate this, we will start with a basic XSS payload that the WAF blocks.
Subsequently, we will present our custom advanced payload that successfully bypassed the WAF and resulted in a stored XSS in all input fields of the application. Let's proceed with the demonstration. |
|---|
| स्रोत | ⚠️ https://mega.nz/file/nEcUTJxI#L2DCw4f4iwbXuErXlB1NRowprk1UZjWw6FtLgBgBpEA |
|---|
| उपयोगकर्ता | ahmed8199 (UID 60803) |
|---|
| सबमिशन | 28/07/2024 09:18 PM (2 साल पहले) |
|---|
| संयम | 04/08/2024 10:20 AM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 273559 [PMWeb 7.2.00 Web Application Firewall क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|